<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<font face="Arial" size="2">Hi Philipp, <br>
<br>
Thanks for your reply. It really helped. <br>
<br>
Did I understand you correctly that we should respond to those requests sent by Icecast without username and password with HTTP status code 200 and the header "Icecast-Auth-Message: No username provided"?
<br>
<br>
Best regards, <br>
Christian <br>
<br>
> Good morning, <br>
> <br>
> On Tue, 2020-06-16 at 13:25 +0000, Christian Stoller wrote: <br>
>> Hi, <br>
>> <br>
>> we are using Icecast with url authentication for some days now. This <br>
>> generally works quite well. But our web service that provides the <br>
>> authentication check sometimes gets requests with the following <br>
>> parameters: <br>
>> <br>
>> { <br>
>> "action":"stream_auth", <br>
>> "mount":"/stream", <br>
>> "ip":"xxxxx", <br>
>> "server":"xxxx.yyyy.de", <br>
>> "port":"12345", <br>
>> "user":"", <br>
>> "pass":"", <br>
>> "admin":"1" <br>
>> } <br>
>> <br>
>> The passed username and password are empty. Why does this happen and <br>
>> what should our authentication provider respond to such a request? <br>
> <br>
> This is perfectly correct and totally expected: <br>
> HTTP does the auth in two steps: First a request is sent with no <br>
> credentials. In this step the request will pass (no credentials needed) <br>
> or the server will reply with parameters on how to provide them. This is <br>
> important as otherwise the client would send credentials blindly, <br>
> allowing a wide range of attacks (both passive and active). <br>
> <br>
> If asked by the server, the client will then retry again with <br>
> credentials. Which will then let Icecast ask the backend again. <br>
> <br>
> <br>
> Why does Icecast forward both requests? Very simple: Not all auth setups <br>
> require username:password. E.g. some are only for logging and <br>
> accounting. Some auth uses the IP address, which is already known in <br>
> the first request. <br>
> <br>
> (That said, Icecast 2.5.x (current development versions) can be <br>
> configured to reject those requests without asking the backend.) <br>
> <br>
> <br>
>> Currently we respond with HTTP status code 403 and the header <br>
>> "Icecast-Auth-Message: No username provided". <br>
> <br>
> If you require username:password for auth, then reject those requests to <br>
> let Icecast tell the client. <br>
> <br>
> Generally you should reply with a positive status code to Icecast's <br>
> requests. The status code you send is about the request from Icecast to <br>
> your backend server, not for the request from the client to Icecast. <br>
> <br>
> <br>
>> Icecast logs the following at the time of the request: <br>
>> > [2020-06-11 10:08:57] INFO auth/auth_stream_authenticate request <br>
>> source auth for "/stream" <br>
>> > [2020-06-11 10:08:57] INFO auth/queue_auth_client auth on /stream <br>
>> has 1 pending <br>
>> > [2020-06-11 10:08:57] WARN auth/stream_auth_callback Failed auth for <br>
>> source "/stream" <br>
>> <br>
>> I hope you can help me. <br>
> <br>
> Hope that helped. :) <br>
> <br>
> <br>
>> Best regards <br>
>> <br>
>> Kind regards from Paderborn <br>
> <br>
> <br>
> Kind regards from South Hesse, <br>
> <br>
> -- <br>
> Philipp Schafft (CEO/Managing Director) <br>
> Telephone: +49.3535 490 17 92 <br>
> <br>
> Löwenfelsen UG (haftungsbeschränkt) Registration number: <br>
> Bickinger Straße 21 HRB 12308 CB <br>
> 04916 Herzberg (Elster) VATIN/USt-ID: <br>
> Germany DE305133015 <br>
</font>
<div><span><font style="font-size: 11pt" face="Calibri"><br>
Kind regards from Paderborn <br>
<br>
Christian Stoller <br>
Web Development <br>
<br>
LEONEX Internet GmbH <br>
Technologiepark 6 <br>
33100 Paderborn <br>
Tel: +49 (5251) 4142-526 <br>
Fax: +49 (5251) 4142-501 <br>
<br>
<br>
HRB 8694 AG Paderborn <br>
Managing Director: Stephan Winter <br>
<br>
<hr>
<b>LEONEX is a Google Premier Partner.<br>
Into digitalisation with the government's Go-Digital funding. We are your contact for<br>
successful websites, e-commerce, custom software solutions, online marketing and hosting.</b><br>
<hr>
<br>
</font></span></div>
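<p>An added example, not code from this thread or from the Icecast project: a URL-auth backend that always answers Icecast's own POST with HTTP 200 and signals accept or reject only through response headers, including the credential-less first pass discussed above. It assumes Icecast posts the parameters form-encoded and that the mount uses Icecast's default accept header, icecast-auth-user: 1; the credential table, port and function names are constructed for illustration.</p>

```python
import hmac
from urllib.parse import parse_qs
from wsgiref.simple_server import make_server

# Constructed sample credentials keyed by (mount, user); not from the thread.
SOURCES = {("/stream", "source"): "constructed-secret"}
# Assumption: the mount keeps Icecast's default auth_header setting.
ACCEPT_HEADER = ("icecast-auth-user", "1")
MAX_BODY = 4096  # cap on how much of the POST body is read


def reject(reason):
    # Still HTTP 200: the status describes Icecast's request to this backend,
    # not the client's request to Icecast. No accept header means "denied".
    return 200, [("Icecast-Auth-Message", reason)]


def decide(body):
    """Return (http_status, headers) for one URL-auth POST body from Icecast."""
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if form.get("action") != "stream_auth":
        return reject("Unsupported action")
    user, password = form.get("user", ""), form.get("pass", "")
    if not user:
        # First pass of HTTP auth: no credentials yet. Rejecting here lets
        # Icecast ask the client to retry with credentials.
        return reject("No username provided")
    expected = SOURCES.get((form.get("mount", ""), user))
    # Constant-time comparison; unknown users compare against an empty secret.
    same = hmac.compare_digest((expected or "").encode(), password.encode())
    if expected is None or not same:
        return reject("Invalid credentials")
    return 200, [ACCEPT_HEADER]


def app(environ, start_response):
    """WSGI wrapper: read the bounded POST body and apply decide()."""
    length = min(int(environ.get("CONTENT_LENGTH") or 0), MAX_BODY)
    body = environ["wsgi.input"].read(length).decode("utf-8", "replace")
    status, headers = decide(body)
    start_response(f"{status} OK", headers + [("Content-Length", "0")])
    return [b""]


if __name__ == "__main__":
    # Constructed listen address for local testing only.
    make_server("127.0.0.1", 8099, app).serve_forever()
```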
</body>
</html>